Many conventional communication system call complexes, such as private branch exchanges (PBXs) and other premises-based telephone switches, are not configured to provide adequate security for Internet Protocol (IP) communications. The security of IP communications processed by certain conventional call complexes may therefore be undermined through a variety of attacks, including IP spoofing and denial of service. These security issues are becoming increasingly important with the growth of voice-over-IP (VoIP) communications using conventional call complexes.
The above-noted security issues have been addressed to a limited extent by the International Telecommunication Union (ITU) in Draft ITU-T Recommendation H.235, “Security and Encryption for H Series (H.323 and other H.245 based) Multimedia Terminals,” January 1998, which is incorporated by reference herein. Unfortunately, this ITU-T Recommendation has a number of drawbacks. For example, the ITU-T Recommendation fails to provide adequate protocols and other techniques for functions such as key management and distribution, key setup and initialization, and adding participants to or dropping participants from a given call.
Although a wide variety of security solutions are known in the context of data transmission over the Internet, such solutions are often not directly applicable to the telephony-based call processing system context. For example, these existing data transmission solutions are often configured to operate with devices arranged in the form of a peer-to-peer network, and therefore do not provide techniques for conferencing multiple parties into a given secure channel or transferring a secure channel to another end unit device or application.
Without adequate security, conventional call processing systems configured to handle IP communications will continue to be vulnerable to the types of attacks noted above.
A need therefore exists for techniques for improving the security associated with the processing of IP communications as well as other communications in call complexes and end units of a call processing system.